[13360] in bugtraq
Re: Password issue in Axent ESM 5.0.1 Console
daemon@ATHENA.MIT.EDU (Harold Toomey)
Fri Jan 14 23:55:20 2000
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <8A34CE6287D8D211AB0600A0C9D182239144C3@raven.rockville.axent.com>
Date: Fri, 14 Jan 2000 21:01:48 -0500
Reply-To: Harold Toomey <htoomey@AXENT.COM>
From: Harold Toomey <htoomey@AXENT.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Todd Hathaway wrote:
> Axent's latest release of its ESM product was redesigned and supposedly
> revamped around it's new "Management Console". The new management console
> is based on an underlying Access Database. The console is password
> protected each time the application is launched. However, when the user
> wants to change the console password, the next time the application is
> launched the database is inaccessible because the code does not update the
> password on the database file. It is reported that contact of Axent
> resulted in being told to launch the MS Access DB file and disable
password
> checking.
AXENT would like to clarify that this issue:
1) Does not compromise the security of ESM
2) Does not involve the underlying Access Database
3) Poses an inconvenience
4) Has a simple work-around
AXENT will have a fix available shortly, removing the inconvenience.
The Problem:
============
When changing the ESM console password, previously saved manager passwords
will become invalid. This results in the error message "Error retrieving
<Domains/Policies/Policy Runs/Templates>: ! Invalid password" when
attempting to log into an ESM manager if you use the "Save name and
password" option in the manager login dialog.
The Work-Around:
================
1. Log into the ESM console with the new password.
2. Choose the "Connect as..." command from the pop-up menu by right
clicking on the ESM manager from which you received the above error.
3. Enter the manager username and password in the manager login dialog that
is displayed, and check the "Save name and password" option.
4. Repeat steps 2 and 3 for each ESM manager for which you want to save the
password.
5. From this point on, the ESM console will operate normally.
The above issue does not compromise the security of the ESM manager or
console. Only authenticated users can access ESM. Please contact your
AXENT support representative if you have additional questions.
Harold Toomey
Technical Product Manager
AXENT Technologies, Inc.
htoomey@axent.com
